diff --git a/identity-and-access-management/iam/reference-content/assets/scaleway-iam-logs-k8s-example.webp b/identity-and-access-management/iam/reference-content/assets/scaleway-iam-logs-k8s-example.webp
new file mode 100644
index 0000000000..6ff3e5c1d9
Binary files /dev/null and b/identity-and-access-management/iam/reference-content/assets/scaleway-iam-logs-k8s-example.webp differ
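Review bot: the new asset scaleway-iam-logs-k8s-example.webp is not referenced in any visible line of auto-generated-iam-resources.mdx in this patch. The sentence "you will see it on your IAM logs" is followed only by empty added lines. If the screenshot is meant to illustrate that sentence, add the image reference there with alt text; otherwise drop the file from the change.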
diff --git a/identity-and-access-management/iam/reference-content/auto-generated-iam-resources.mdx b/identity-and-access-management/iam/reference-content/auto-generated-iam-resources.mdx
new file mode 100644
index 0000000000..b72f6aff18
--- /dev/null
+++ b/identity-and-access-management/iam/reference-content/auto-generated-iam-resources.mdx
@@ -0,0 +1,37 @@
+---
+meta:
+ title: Auto-generated IAM resources
+ description: This page explains how and why Scaleway auto-generates some IAM resources.
+content:
+ h1: Auto-generated IAM resources
+ paragraph: This page explains how and why Scaleway auto-generates some IAM resources.
+tags: iam
+dates:
+ validation: 2025-01-16
+categories:
+ - iam
+---
+
+Sometimes Scaleway might automatically generate IAM resources, such as applications, groups and policies.
+
+This allows policies to be set up with specific product resources as principals. These policies are created by Scaleway and can be managed by users to ensure more the access management of resource permissions.
+
+Any time Scaleway automatically creates or deletes an IAM resource, you will see it on your IAM logs.
+
+
+
+## Kubernetes Kapsule
+
+Currently, auto-generated IAM resources only occur in Kubernetes Kapsule when a [cluster is created](/containers/kubernetes/how-to/connect-cluster-kubectl).
+
+Whenever a cluster is created, automatically so are:
+ - An IAM group containing all the nodes in the cluster as IAM applications
+
+ The node IAM applications are not visible to users.
+
+ - An IAM policy with default permission sets and the cluster group as a principal
+
+The default policy can be edited by users to grant the cluster group permission according to their use-cases.
+
+
+
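Review bot: in the Kubernetes Kapsule list, "An IAM policy with default permission sets and the cluster group as a principal" does not name the permission sets. Combined with "The node IAM applications are not visible to users", a reader has no way to tell from this page what the nodes are allowed to do by default. Please list the default permission sets or link to where they are defined, and say whether editing the policy can remove permissions the cluster needs. Smaller points in the same hunk: "can be managed by users to ensure more the access management of resource permissions" is not a complete phrase and should be reworded. "on your IAM logs" should read "in your IAM logs". "Whenever a cluster is created, automatically so are:" reads better as "Whenever a cluster is created, the following are created automatically:". The link text "cluster is created" points to /containers/kubernetes/how-to/connect-cluster-kubectl, which by its slug is the kubectl connection how-to rather than a cluster creation page. The page mentions deletion in "creates or deletes an IAM resource" but does not say what happens to the group and policy when the cluster is deleted.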
diff --git a/menu/navigation.json b/menu/navigation.json
index d7864feacc..3ae426574a 100644
--- a/menu/navigation.json
+++ b/menu/navigation.json
@@ -410,6 +410,10 @@
{
"label": "Reproducing roles and Project-scoped API keys with IAM",
"slug": "reproduce-roles-project-api-keys"
+ },
+ {
+ "label": "Auto-generated IAM resources",
+ "slug": "auto-generated-iam-resources"
}
],
"label": "Additional Content",